U.S. Pat. No. 6,192,411 (“Mapping SNA session flow control to TCP flow control”, published 2001) discloses a TN3270 server that forwards a 3270 data stream from a System Network Architecture (SNA) connection to a Transmission Control Protocol (TCP) connection monitors the TCP connection for segments that acknowledge thereby-transmitted bytes. The TN3270 server also keeps track of the unacknowledged-byte window sizes specified by received TCP-connection-segments. It responds with a pacing response to a pacing-request-containing SNA message only when forwarding of previously received information from the SNA can be completed without resulting in a number of unacknowledged bytes that exceeds the specified window size.
U.S. Pat. No. 4,575,793 (“Personal-computer to 3270 system interfacing apparatus”, published 1986) discloses an apparatus for interfacing a personal-computer to a 3274/6 compatible cluster controller of a 3270 type system, the apparatus employing a special high-speed processor.
WO 03,073,724 (“System and method for detecting and eliminating IP spoofing in a data transmission network”, published 2004) and US 2003/110394 (“System and method for detecting and eliminating IP spoofing in a data transmission network”, published 2003) disclose a traffic management system that sniffs data arriving at any point in a system. The sniffer operates to extract certain data from each address. This data could be, for example, the IP address data and the physical address data. The extracted data is then used to access different data bases to determine if matches occur. Time stamps, sequencing and other parameters of each piece of data entering a system are used to control data access.
WO 02/100,039 (“System and method for traffic management control in a data transmission network”, published 2002) discloses a traffic management system that sniffs data arriving at any point in a system. The sniffer operates to remember certain parameters pertaining to the data. When the amount of data arriving at the point begins to reach a critical level (usually dependent upon data processing capability associated with the point), the system begins to remove (and share) subsequent arriving data based, in part, upon the remembered parameters of recently received data. Data that is stored is returned to the system when the critical threshold recedes.
WO 02/087124 (“Network analyzer/sniffer with multiple protocol capabilities”, published 2002) discloses systems and methods for automated testing of multiple-protocol network environments wherein data which is formatted according to a plurality of protocols in sequence is automatically identified and compared to determine whether the data has been correctly transformed from each protocol to the next. An indication of whether the data has been correctly transformed may be presented to a user, along with information about the data itself, such as commands which may be included therein. The information presented to the user is in a user-readable form rather than raw data in order to facilitate analysis of the information by the user.
U.S. Pat. No. 6,044,401 (“Network sniffer for monitoring and reporting network information that is not privileged beyond a user's privilege level”, published 2000) discloses a method and system for locating available information in a network environment by a user in a node. In a system aspect, within a node in the network, the system disclosed in U.S. Pat. No. 6,044,401 includes a network sniffer and an access sniffer. The access sniffer includes an access element and an access interface. The access element preferably includes a memory and a database. The access element accesses the network sniffer and filters out unavailable information by using information such as address and port numbers gathered by the network sniffer. Unavailable information includes information which is non-public or beyond the privilege level of the particular user. The access element evaluates data streams which are public information to determine if the data streams meet a predetermined criteria. If the data streams meet the predetermined criteria, then the data is saved in the database. The access element transfers only the information available to the particular user to the access interface. The access element can time itself for a limited amount of time for execution. Once the predetermined time period has expired, the access element is complete and it can save and transfer the appropriate information to the access interface.
U.S. Pat. No. 5,961,592 (“Screen identification system”, published 1999) discloses a method of identifying computer screens is disclosed. The method is particularly useful in identifying IBM host screens in script creation and playback. According to the method, a signature is composed for a given screen. The signature comprises characteristics of a given screen which differentiate that screen from substantially different screen displays. For an IBM host screen, signature composition is based upon the screens protected fields. The protected fields are further processed by removing transient information such as the date and time.
U.S. Pat. No. 5,644,717 (“System for generating local area network operating statistics based on monitored network traffic and method therefore”, published 1997) discloses a system for generating operating statistics for a network interconnecting at least two stations wherein each of those stations may send and receive messages during a session is implemented in software programmed to monitor the messages on the network, assign a direction to each of the messages with respect to the session based on the monitoring step, determine the role assumed by each of the stations based on the assigning step and calculate statistics for one of the stations based on the determining step.
U.S. Pat. No. 6,651,099 discloses a monitor for and a method of examining packets passing through a connection point on a computer network, each packet conforms to one or more protocols. The method of U.S. Pat. No. 6,651,099 includes receiving a packet from a packet acquisition device and performing one or more parsing/extraction operations on the packet to create a parser record comprising a function of selected portions of the packet. The parsing/extraction operations depend on one or more of the protocols to which the packet conforms. The method of U.S. Pat. No. 6,651,099 further includes looking up a flow-entry database containing flow-entries for previously encountered conversational flows. The lookup uses the selected packet portions and determines if the packet is of an existing flow. If the packet is of an existing flow, U.S. Pat. No. 6,651,099 classifies the packet as belonging to the found existing flow, and if the packet is of a new flow, the method stores a new flow-entry for the new flow in the flow-entry database, including identifying information for future packets to be identified with the new flow-entry. For the packet of an existing flow, the U.S. Pat. No. 6,651,099 updates the flow-entry of the existing flow. Such update may include storing one or more statistical measures. For any stage of a flow, state is maintained, and U.S. Pat. No. 6,651,099 performs any state processing for an identified state to further the process of identifying the flow. U.S. Pat. No. 6,651,099 thus examines each and every packet passing through the connection point in real time until the application program associated with the conversational flow is determined.
US 2003/0135,612 describes systems and methods of full time recording network traffic to a hierarchical data storage. Also described are systems and methods of retrieval of recorded network traffic from a hierarchically organized network data repository. Additionally there are systems and methods of efficiently filtering data in a hierarchically organized network data repository. Systems and methods of displaying recorded network data utilizing the retrieval systems are also included in US 2003/0135,612. Further included are systems and methods of providing sliding time window selection user interfaces.